Merge pull request #2 from awmackowiak/am-logging

Fix after review

Author: awmackowiak

Diff for: src/ngx_http_modsecurity_body_filter.c

@@ -156,17 +156,17 @@ ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
 
         if (is_request_processed) {
             ngx_pool_t *old_pool;
-            struct timeval start_tv;
-            ngx_gettimeofday(&start_tv);
+            struct timespec start_tv;
+            (void) clock_gettime(CLOCK_MONOTONIC, &start_tv);
 
             old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
             msc_process_response_body(ctx->modsec_transaction);
             ngx_http_modsecurity_pcre_malloc_done(old_pool);
 
 /* XXX: I don't get how body from modsec being transferred to nginx's buffer.  If so - after adjusting of nginx's
    XXX: body we can proceed to adjust body size (content-length).  see xslt_body_filter() for example */
-            ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);
             ctx->resp_body_phase_time = ngx_http_modsecurity_compute_processing_time(start_tv);
+            ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);
             if (ret > 0) {
                 return ret;
             }

Diff for: src/ngx_http_modsecurity_common.h

@@ -169,6 +169,6 @@ ngx_int_t ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r);
 /* ngx_http_modsecurity_rewrite.c */
 ngx_int_t ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r);
 
-ngx_msec_int_t ngx_http_modsecurity_compute_processing_time(struct timeval tv);
+ngx_msec_int_t ngx_http_modsecurity_compute_processing_time(struct timespec tv);
 
 #endif /* _NGX_HTTP_MODSECURITY_COMMON_H_INCLUDED_ */

Diff for: src/ngx_http_modsecurity_header_filter.c

@@ -446,8 +446,8 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r)
         return ngx_http_next_header_filter(r);
     }
 
-    struct timeval start_tv;
-    ngx_gettimeofday(&start_tv);
+    struct timespec start_tv;
+    (void) clock_gettime(CLOCK_MONOTONIC, &start_tv);
 
     /*
      * Lets ask nginx to keep the response body in memory
@@ -527,12 +527,10 @@ ngx_http_modsecurity_header_filter(ngx_http_request_t *r)
 #endif
 
     old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
-    msc_process_response_headers(ctx->modsec_transaction, status, http_response_ver);    
+    msc_process_response_headers(ctx->modsec_transaction, status, http_response_ver);
     ngx_http_modsecurity_pcre_malloc_done(old_pool);
-    ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);
-    
     ctx->resp_headers_phase_time = ngx_http_modsecurity_compute_processing_time(start_tv);
-
+    ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);
     if (r->error_page) {
         return ngx_http_next_header_filter(r);
     }

Diff for: src/ngx_http_modsecurity_log.c

@@ -71,8 +71,8 @@ ngx_http_modsecurity_log_handler(ngx_http_request_t *r)
         dd("already logged earlier");
         return NGX_OK;
     }
-    struct timeval start_tv;
-    ngx_gettimeofday(&start_tv);
+    struct timespec start_tv;
+    (void) clock_gettime(CLOCK_MONOTONIC, &start_tv);
 
     dd("calling msc_process_logging for %p", ctx);
     old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);

Diff for: src/ngx_http_modsecurity_module.c

@@ -33,15 +33,7 @@ static char *ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void
 static void ngx_http_modsecurity_cleanup_instance(void *data);
 static void ngx_http_modsecurity_cleanup_rules(void *data);
 
-static ngx_int_t ngx_http_modsecurity_req_headers_phase_time(ngx_http_request_t *r,
-    ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_modsecurity_req_body_phase_time(ngx_http_request_t *r,
-    ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_modsecurity_resp_headers_phase_time(ngx_http_request_t *r,
-    ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_modsecurity_resp_body_phase_time(ngx_http_request_t *r,
-    ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_modsecurity_logging_phase_time(ngx_http_request_t *r,
+static ngx_int_t ngx_http_modsecurity_phase_time(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_http_modsecurity_time_variable(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data, ngx_msec_int_t usec);
@@ -541,26 +533,26 @@ ngx_module_t ngx_http_modsecurity_module = {
 
 static ngx_http_variable_t  ngx_http_modsecurity_vars[] = {
     { ngx_string("modsecurity_req_headers_phase_time"), NULL,
-      ngx_http_modsecurity_req_headers_phase_time, 0,
-      NGX_HTTP_VAR_NOCACHEABLE, 0 },
+      ngx_http_modsecurity_phase_time, 0,
+      NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 
     { ngx_string("modsecurity_req_body_phase_time"), NULL,
-      ngx_http_modsecurity_req_body_phase_time, 0,
-      NGX_HTTP_VAR_NOCACHEABLE, 0 },
+      ngx_http_modsecurity_phase_time, 1,
+      NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 
     { ngx_string("modsecurity_resp_headers_phase_time"), NULL,
-      ngx_http_modsecurity_resp_headers_phase_time, 0,
-      NGX_HTTP_VAR_NOCACHEABLE, 0 },
+      ngx_http_modsecurity_phase_time, 2,
+      NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 
     { ngx_string("modsecurity_resp_body_phase_time"), NULL,
-      ngx_http_modsecurity_resp_body_phase_time, 0,
-      NGX_HTTP_VAR_NOCACHEABLE, 0 },
+      ngx_http_modsecurity_phase_time, 3,
+      NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 
     { ngx_string("modsecurity_logging_phase_time"), NULL,
-      ngx_http_modsecurity_logging_phase_time, 0,
-      NGX_HTTP_VAR_NOCACHEABLE, 0 },
+      ngx_http_modsecurity_phase_time, 4,
+      NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
 
-      ngx_http_null_variable
+    { ngx_null_string, NULL, NULL, 0, 0, 0 }
 };
 
 
@@ -850,21 +842,7 @@ ngx_http_modsecurity_cleanup_rules(void *data)
 
 
 static ngx_int_t
-ngx_http_modsecurity_req_headers_phase_time(ngx_http_request_t *r,
-    ngx_http_variable_value_t *v, uintptr_t data)
-{
-    ngx_http_modsecurity_ctx_t *ctx;
-
-    ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
-    if (ctx == NULL) {
-        return NGX_ERROR;
-    }
-    return ngx_http_modsecurity_time_variable(r, v, data, ctx->req_headers_phase_time);
-}
-
-
-static ngx_int_t
-ngx_http_modsecurity_req_body_phase_time(ngx_http_request_t *r,
+ngx_http_modsecurity_phase_time(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data)
 {
     ngx_http_modsecurity_ctx_t *ctx;
@@ -873,49 +851,21 @@ ngx_http_modsecurity_req_body_phase_time(ngx_http_request_t *r,
     if (ctx == NULL) {
         return NGX_ERROR;
     }
-    return ngx_http_modsecurity_time_variable(r, v, data, ctx->req_body_phase_time);
-}
 
-
-static ngx_int_t
-ngx_http_modsecurity_resp_headers_phase_time(ngx_http_request_t *r,
-    ngx_http_variable_value_t *v, uintptr_t data)
-{
-    ngx_http_modsecurity_ctx_t *ctx;
-
-    ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
-    if (ctx == NULL) {
-        return NGX_ERROR;
-    }
-    return ngx_http_modsecurity_time_variable(r, v, data, ctx->resp_headers_phase_time);
-}
-
-
-static ngx_int_t
-ngx_http_modsecurity_resp_body_phase_time(ngx_http_request_t *r,
-    ngx_http_variable_value_t *v, uintptr_t data)
-{
-    ngx_http_modsecurity_ctx_t *ctx;
-
-    ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
-    if (ctx == NULL) {
-        return NGX_ERROR;
-    }
-    return ngx_http_modsecurity_time_variable(r, v, data, ctx->resp_body_phase_time);
-}
-
-
-static ngx_int_t
-ngx_http_modsecurity_logging_phase_time(ngx_http_request_t *r,
-    ngx_http_variable_value_t *v, uintptr_t data)
-{
-    ngx_http_modsecurity_ctx_t *ctx;
-
-    ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
-    if (ctx == NULL) {
-        return NGX_ERROR;
+    switch(data) {
+        case 0:
+            return ngx_http_modsecurity_time_variable(r, v, data, ctx->req_headers_phase_time);
+        case 1:
+            return ngx_http_modsecurity_time_variable(r, v, data, ctx->req_body_phase_time);
+        case 2:
+            return ngx_http_modsecurity_time_variable(r, v, data, ctx->resp_headers_phase_time);
+        case 3:
+            return ngx_http_modsecurity_time_variable(r, v, data, ctx->resp_body_phase_time);
+        case 4:
+            return ngx_http_modsecurity_time_variable(r, v, data, ctx->logging_phase_time);
+        default:
+            return -1;
     }
-    return ngx_http_modsecurity_time_variable(r, v, data, ctx->logging_phase_time);
 }
 
 
@@ -946,10 +896,10 @@ ngx_http_modsecurity_time_variable(ngx_http_request_t *r,
 
 
 ngx_msec_int_t
-ngx_http_modsecurity_compute_processing_time(struct timeval tv) {
-    struct timeval current_tv;
-    ngx_gettimeofday(&current_tv);
-    return (ngx_msec_int_t) ((current_tv.tv_sec - tv.tv_sec) * 1000000 + (current_tv.tv_usec - tv.tv_usec));
+ngx_http_modsecurity_compute_processing_time(struct timespec tv) {
+    struct timespec current_tv;
+    (void) clock_gettime(CLOCK_MONOTONIC, &current_tv);
+    return (ngx_msec_int_t) ((current_tv.tv_sec - tv.tv_sec) * 1000000 + (current_tv.tv_nsec - tv.tv_nsec) / 1000);
 };
 
 /* vi:set ft=c ts=4 sw=4 et fdm=marker: */

Diff for: src/ngx_http_modsecurity_pre_access.c

@@ -140,8 +140,8 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
         int ret = 0;
         int already_inspected = 0;
 
-        struct timeval start_tv;
-        ngx_gettimeofday(&start_tv);
+        struct timespec start_tv;
+        (void) clock_gettime(CLOCK_MONOTONIC, &start_tv);
 
         dd("request body is ready to be processed");
 
@@ -212,11 +212,8 @@ ngx_http_modsecurity_pre_access_handler(ngx_http_request_t *r)
 /* XXX: once more -- is body can be modified ?  content-length need to be adjusted ? */
 
         old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
-
         msc_process_request_body(ctx->modsec_transaction);
-
         ctx->req_body_phase_time = ngx_http_modsecurity_compute_processing_time(start_tv);
-
         ngx_http_modsecurity_pcre_malloc_done(old_pool);
 
         ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);

Diff for: src/ngx_http_modsecurity_rewrite.c

@@ -51,9 +51,8 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
     if (ctx == NULL)
     {
         int ret = 0;
-        struct timeval start_tv;
-
-        ngx_gettimeofday(&start_tv);
+        struct timespec start_tv;
+        (void) clock_gettime(CLOCK_MONOTONIC, &start_tv);
 
         ngx_connection_t *connection = r->connection;
         /**
@@ -208,10 +207,8 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
         msc_process_request_headers(ctx->modsec_transaction);
         ngx_http_modsecurity_pcre_malloc_done(old_pool);
         dd("Processing intervention with the request headers information filled in");
-        ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 1);
-
         ctx->req_headers_phase_time = ngx_http_modsecurity_compute_processing_time(start_tv);
-        
+        ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 1);
         if (r->error_page) {
             return NGX_DECLINED;
             }
@@ -221,5 +218,6 @@ ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r)
         }
     }
 
+
     return NGX_DECLINED;
 }